Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T5142: Add audit tool to monitor security-relevant events #1938

Merged
merged 1 commit into from Apr 4, 2023
Merged

T5142: Add audit tool to monitor security-relevant events #1938

merged 1 commit into from Apr 4, 2023

Conversation

sever-sever
Copy link
Member

@sever-sever sever-sever commented Apr 4, 2023
edited

Change Summary

One of the requirements of a Collaborative Protection Profile cPP for Network Devices is using a system auditing tool to monitor and log all security-relevant events.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related PR's

Related Task(s)

Component(s) name

audit, log

Proposed changes

How to test

vyos@r14:~$ show log audit | tail -n 5
type=USER_LOGIN msg=audit(1680605305.274:946): pid=3991 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="foo" exe="/usr/sbin/sshd" hostname=? addr=192.168.122.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1680605306.452:947): pid=3991 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="foo" exe="/usr/sbin/sshd" hostname=192.168.122.1 addr=192.168.122.1 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1680605308.416:948): pid=3991 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="foo" exe="/usr/sbin/sshd" hostname=? addr=192.168.122.1 terminal=sshd res=failed'UID="root" AUID="unset"
type=USER_AUTH msg=audit(1680605309.691:949): pid=3991 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="foo" exe="/usr/sbin/sshd" hostname=192.168.122.1 addr=192.168.122.1 terminal=ssh res=failed'UID="root" AUID="unset"
type=USER_LOGIN msg=audit(1680605312.068:950): pid=3991 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="foo" exe="/usr/sbin/sshd" hostname=? addr=192.168.122.1 terminal=sshd res=failed'UID="root" AUID="unset"
vyos@r14:~$

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@vyosbot vyosbot requested a review from a team April 4, 2023 10:49
@sever-sever sever-sever mentioned this pull request Apr 4, 2023
Merged
11 tasks
@c-po c-po merged commit 73c797b into vyos:current Apr 4, 2023
4 of 7 checks passed
@sever-sever sever-sever deleted the T5142 branch May 10, 2023 08:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@c-po c-po c-po approved these changes

Assignees

@sever-sever sever-sever

Labels
None yet
Milestone
No milestone
2 participants
@sever-sever @c-po